McAfee SG310 Administration Manual page 288

VPN menu features
IPsec example
Step 2: Complete the Tunnel settings page
1. Enter a description of the tunnel in the Tunnel name field. The name must not contain spaces or start or end with a number. In this example, enter: Branch_Office.
2. Leave the Enable this tunnel checkbox selected.
3. Select the Internet interface the IPSec tunnel is to go out on. In this example, select the default gateway interface option.
4. Select the type of keying for the tunnel to use. In this example, select the Aggressive mode (IKE) option. Aggressive mode is used here because the remote endpoint has a dynamic IP address (step 6) and must therefore be identified by its Endpoint ID rather than by its address. Because IKEv1 aggressive mode exchanges the identity and its authentication hash before the channel is encrypted, the Preshared Secret entered in Step 5 must be long and random enough to withstand offline guessing.
5. Select the type of IPSec endpoint this UTM Firewall appliance has. In this example, select the static IP address option in the Local address list.
6. Select the type of IPSec endpoint the remote party has. In this example, select the dynamic IP address option in the Remote address list.
7. Click Next to configure the Local Endpoint Settings.
Step 3: Local endpoint settings page
1. Leave the Optional Endpoint ID field blank in this example. It is optional because this UTM Firewall appliance has a static IP address. If the remote party is a UTM Firewall appliance and an Endpoint ID is used, it must have the form abcd@efgh. If the remote party is not a UTM Firewall appliance, refer to the interoperability documents in the KnowledgeBase (mysupport.mcafee.com) to determine what form it must take.
2. Leave the Enable IP Payload Compression checkbox unselected.
3. Leave the Enable Phase 1 & 2 rekeying to be initiated from my end checkbox selected.
4. Click Next to configure the Remote Endpoint Settings.
Step 4: Remote endpoint settings page
1. Enter the Required Endpoint ID of the remote party. In this example, enter the Local Endpoint ID that was configured at the Branch Office: branch@office.
2. Click Next to configure the Phase 1 Settings.
Step 5: Phase 1 settings page
1. Set the length of time before Phase 1 is renegotiated in the Key lifetime field. In this example, leave the Key lifetime at the default value of 3600 minutes.
2. Set how long before the current key expires the new key is negotiated in the Rekeymargin field. In this example, leave the Rekeymargin at the default value of 600 seconds.
3. Set the maximum percentage by which the Rekeymargin is randomly increased, to randomize the rekeying intervals, in the Rekeyfuzz field. The key lifetimes for both Phase 1 and Phase 2 depend on these values and must be greater than Rekeymargin x (100 + Rekeyfuzz) / 100. In this example, leave the Rekeyfuzz at the default value of 100%.
4. Enter a secret in the Preshared Secret field. This must remain confidential. In this example, enter the Preshared Secret used at the branch office UTM Firewall appliance, which was: "This secret must be kept confidential".
5. Select a Phase 1 Proposal. In this example, select the 3DES-SHA-Diffie Hellman Group 2 (1024 bit) option (the same as the Branch Office Phase 1 Proposal). Both ends must offer a matching proposal; where both appliances support it, prefer AES with a larger Diffie-Hellman group, since 3DES and the 1024-bit group 2 are no longer considered strong.
6. Click Next to configure the Phase 2 Settings.
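The following is an added example, not part of this guide or of the UTM Firewall software. It encodes the rules stated in Steps 2 to 5 above (tunnel name restrictions, the abcd@efgh Endpoint ID form for a UTM Firewall peer, and the requirement that the key lifetime exceed Rekeymargin x (100 + Rekeyfuzz) / 100) so a tunnel configuration can be checked before it is typed into the web UI, and it computes the window in which rekeying will actually start. Assumptions: "number" in the name rule means a decimal digit, the Endpoint ID halves are runs of letters, digits, dots, underscores or hyphens (the page gives only the shape), and lifetime, Rekeymargin and the resulting window are all expressed in seconds (the page prints 3600 for the lifetime and 600 seconds for the margin; mixing minutes and seconds would make the formula meaningless).

```python
"""Sanity checks for the IPsec tunnel parameters from Steps 2-5.
Added example; mirrors the rules the guide states, not appliance code."""
import random
import re
from typing import Optional


def validate_tunnel_name(name: str) -> bool:
    """Page rule: no spaces, must not start or end with a number.
    Assumption: 'number' means a decimal digit."""
    if not name or any(ch.isspace() for ch in name):
        return False
    return not (name[0].isdigit() or name[-1].isdigit())


# Assumption: abcd@efgh is two non-empty runs of [A-Za-z0-9._-] joined by
# exactly one '@'. The guide only gives the shape, not the character set.
ENDPOINT_ID_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+$")


def validate_endpoint_id(endpoint_id: str) -> bool:
    """Page rule for a UTM Firewall peer: Endpoint ID of the form abcd@efgh."""
    return ENDPOINT_ID_RE.fullmatch(endpoint_id) is not None


def min_key_lifetime(rekeymargin: float, rekeyfuzz_percent: float) -> float:
    """Page formula: lifetime must be greater than
    Rekeymargin x (100 + Rekeyfuzz) / 100. Below that, the earliest possible
    rekey attempt would fall before the SA is even established."""
    return rekeymargin * (100 + rekeyfuzz_percent) / 100


def validate_rekeying(key_lifetime: float, rekeymargin: float,
                      rekeyfuzz_percent: float) -> bool:
    """True when the lifetime satisfies the page's constraint."""
    return key_lifetime > min_key_lifetime(rekeymargin, rekeyfuzz_percent)


def rekey_window(key_lifetime: float, rekeymargin: float,
                 rekeyfuzz_percent: float) -> tuple:
    """Earliest and latest time after SA establishment at which this end
    starts renegotiating. Rekeyfuzz stretches Rekeymargin by a random amount
    up to rekeyfuzz_percent, so rekeying begins somewhere in
    [lifetime - margin*(1 + fuzz/100), lifetime - margin]. Same unit
    (seconds assumed) for every argument and for the result."""
    earliest = key_lifetime - min_key_lifetime(rekeymargin, rekeyfuzz_percent)
    latest = key_lifetime - rekeymargin
    return earliest, latest


def sample_rekey_time(key_lifetime: float, rekeymargin: float,
                      rekeyfuzz_percent: float,
                      rng: Optional[random.Random] = None) -> float:
    """One randomized rekey start time drawn uniformly from the window,
    the way a fuzzed rekey timer behaves across many SA lifetimes."""
    rng = rng or random.Random()
    earliest, latest = rekey_window(key_lifetime, rekeymargin, rekeyfuzz_percent)
    return rng.uniform(earliest, latest)


def check_page_example() -> dict:
    """Runs the checks against the values used on this page (constructed
    input mirroring the steps above; lifetime and margin both in seconds)."""
    lifetime, margin, fuzz = 3600, 600, 100
    return {
        "tunnel_name_ok": validate_tunnel_name("Branch_Office"),
        "remote_id_ok": validate_endpoint_id("branch@office"),
        "min_lifetime": min_key_lifetime(margin, fuzz),
        "rekeying_ok": validate_rekeying(lifetime, margin, fuzz),
        "rekey_window": rekey_window(lifetime, margin, fuzz),
    }


if __name__ == "__main__":
    for key, value in check_page_example().items():
        print(f"{key}: {value}")
    print("sample rekey start:", round(sample_rekey_time(3600, 600, 100), 1))
```

With the page's defaults taken in seconds, the minimum permitted lifetime is 1200 and rekeying begins somewhere between 2400 and 3000 seconds into the SA; a lifetime of 1200 or less fails the check, which is exactly the case the formula on the page guards against.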
McAfee UTM Firewall 4.0.4 Administration Guide
This manual is also suitable for: SG560, SG560U, SG565, SG580